All the vulnerabilites related to AMD - Athlon™ Series
cve-2021-26335
Vulnerability from cvelistv5
Published
2021-11-16 18:08
Modified
2024-09-16 18:24
Severity ?
EPSS score ?
Summary
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:25:06", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26335", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26335", "datePublished": "2021-11-16T18:08:39.387145Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T18:24:42.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26362
Vulnerability from cvelistv5
Published
2022-05-12 17:43
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:43:15", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26362", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26362", "datePublished": "2022-05-12T17:43:15.598731Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T19:41:16.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26361
Vulnerability from cvelistv5
Published
2022-05-12 17:46
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:46:01", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26361", "datePublished": "2022-05-12T17:46:01.990877Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:06:56.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26317
Vulnerability from cvelistv5
Published
2022-05-12 18:27
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:27:48", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26317", "datePublished": "2022-05-12T18:27:48.589066Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:10:36.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26390
Vulnerability from cvelistv5
Published
2022-05-10 18:24
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:12:33", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26390", "datePublished": "2022-05-10T18:24:25.459441Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T23:11:12.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12944
Vulnerability from cvelistv5
Published
2021-11-16 18:17
Modified
2024-09-16 17:04
Severity ?
EPSS score ?
Summary
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T15:27:11", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2020-12944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12944", "datePublished": "2021-11-16T18:17:24.768272Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-16T17:04:09.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26388
Vulnerability from cvelistv5
Published
2022-05-11 16:29
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:29:06", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26388", "datePublished": "2022-05-11T16:29:06.174576Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T23:01:19.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26366
Vulnerability from cvelistv5
Published
2022-05-12 17:09
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:09:29", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26366", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26366", "datePublished": "2022-05-12T17:09:29.825927Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:51:13.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26363
Vulnerability from cvelistv5
Published
2022-05-12 18:39
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:39:33", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26363", "datePublished": "2022-05-12T18:39:33.159439Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T02:21:07.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26384
Vulnerability from cvelistv5
Published
2022-07-14 19:28
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-14T19:28:56", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26384", "datePublished": "2022-07-14T19:28:56.918810Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T23:15:36.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26386
Vulnerability from cvelistv5
Published
2022-05-12 18:28
Modified
2024-09-16 17:53
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:28:38", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26386", "datePublished": "2022-05-12T18:28:38.025992Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:53:15.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26382
Vulnerability from cvelistv5
Published
2022-07-14 19:28
Modified
2024-09-16 22:29
Severity ?
EPSS score ?
Summary
An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-14T19:28:30", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26382", "datePublished": "2022-07-14T19:28:30.676749Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T22:29:40.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12951
Vulnerability from cvelistv5
Published
2021-11-16 18:06
Modified
2024-09-17 01:35
Severity ?
EPSS score ?
Summary
Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:16:35", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2020-12951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12951", "datePublished": "2021-11-16T18:06:30.578358Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T01:35:37.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26352
Vulnerability from cvelistv5
Published
2022-05-10 18:26
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:15:01", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26352", "datePublished": "2022-05-10T18:26:07.477969Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T16:58:20.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26351
Vulnerability from cvelistv5
Published
2022-05-12 17:18
Modified
2024-09-16 22:41
Severity ?
EPSS score ?
Summary
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:18:51", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26351", "datePublished": "2022-05-12T17:18:51.729866Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T22:41:24.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26376
Vulnerability from cvelistv5
Published
2022-05-11 16:28
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:28:09", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26376", "datePublished": "2022-05-11T16:28:09.769017Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:58:27.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26378
Vulnerability from cvelistv5
Published
2022-05-11 16:23
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:23:26", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26378", "datePublished": "2022-05-11T16:23:26.758045Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T20:22:35.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26372
Vulnerability from cvelistv5
Published
2022-05-11 16:18
Modified
2024-09-16 19:15
Severity ?
EPSS score ?
Summary
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:18:58", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26372", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26372", "datePublished": "2022-05-11T16:18:58.798210Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T19:15:19.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26312
Vulnerability from cvelistv5
Published
2021-11-16 17:55
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:30:46", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-665 Improper Initialization" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26312", "datePublished": "2021-11-16T17:55:24.198997Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:54:14.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26336
Vulnerability from cvelistv5
Published
2021-11-16 18:04
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:44:49", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26336", "datePublished": "2021-11-16T18:04:08.054768Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:33:06.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26369
Vulnerability from cvelistv5
Published
2022-05-12 17:07
Modified
2024-09-16 19:51
Severity ?
EPSS score ?
Summary
A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:07:32", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26369", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26369", "datePublished": "2022-05-12T17:07:32.274198Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T19:51:13.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26375
Vulnerability from cvelistv5
Published
2022-05-11 16:20
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:20:03", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26375", "datePublished": "2022-05-11T16:20:03.207552Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T03:43:15.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26368
Vulnerability from cvelistv5
Published
2022-05-12 18:22
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T18:22:27", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26368", "datePublished": "2022-05-12T18:22:27.719737Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T22:09:04.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26337
Vulnerability from cvelistv5
Published
2021-11-16 18:24
Modified
2024-09-17 03:49
Severity ?
EPSS score ?
Summary
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:42:04", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26337", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26337", "datePublished": "2021-11-16T18:24:01.483891Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T03:49:09.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26373
Vulnerability from cvelistv5
Published
2022-05-11 16:27
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:24.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:27:13", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26373", "datePublished": "2022-05-11T16:27:13.373606Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T16:32:39.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12946
Vulnerability from cvelistv5
Published
2021-11-16 18:01
Modified
2024-09-17 00:55
Severity ?
EPSS score ?
Summary
Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ Series |
Version: various |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T17:29:08", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ], "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2020-12946", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" } ] }, "source": { "advisory": "AMD-SB-1027", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12946", "datePublished": "2021-11-16T18:01:28.187239Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T00:55:32.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26339
Vulnerability from cvelistv5
Published
2022-05-11 16:18
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 | x_refsource_MISC | |
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | EPYC™ Processors |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Ryzen\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "product": "Athlon\u2122 Series", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A bug in AMD CPU\u2019s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:18:02", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ], "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPYC\u2122 Processors", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Ryzen\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } }, { "product_name": "Athlon\u2122 Series", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A bug in AMD CPU\u2019s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" }, { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" } ] }, "source": { "advisory": "AMD-SB-1027 and AMD-SB-1028", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26339", "datePublished": "2022-05-11T16:18:02.079030Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T01:56:55.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }